diff mbox series

[v8,26/32] fanotify: WARN_ON against too large file handles

Message ID 20211019000015.1666608-27-krisman@collabora.com (mailing list archive)
State New, archived
Headers show
Series file system-wide error monitoring | expand

Commit Message

Gabriel Krisman Bertazi Oct. 19, 2021, midnight UTC
struct fanotify_error_event, at least, is preallocated and isn't able to
to handle arbitrarily large file handles.  Future-proof the code by
complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found.

Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
---
 fs/notify/fanotify/fanotify.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Comments

Amir Goldstein Oct. 19, 2021, 6:02 a.m. UTC | #1
On Tue, Oct 19, 2021 at 3:03 AM Gabriel Krisman Bertazi
<krisman@collabora.com> wrote:
>
> struct fanotify_error_event, at least, is preallocated and isn't able to
> to handle arbitrarily large file handles.  Future-proof the code by
> complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found.
>
> Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>

> ---
>  fs/notify/fanotify/fanotify.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index cedcb1546804..45df610debbe 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group,
>  static int fanotify_encode_fh_len(struct inode *inode)
>  {
>         int dwords = 0;
> +       int fh_len;
>
>         if (!inode)
>                 return 0;
>
>         exportfs_encode_inode_fh(inode, NULL, &dwords, NULL);
> +       fh_len = dwords << 2;
>
> -       return dwords << 2;
> +       /*
> +        * struct fanotify_error_event might be preallocated and is
> +        * limited to MAX_HANDLE_SZ.  This should never happen, but
> +        * safeguard by forcing an invalid file handle.
> +        */
> +       if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ))
> +               return 0;
> +
> +       return fh_len;
>  }
>
>  /*
> --
> 2.33.0
>
Jan Kara Oct. 19, 2021, 2:06 p.m. UTC | #2
On Mon 18-10-21 21:00:09, Gabriel Krisman Bertazi wrote:
> struct fanotify_error_event, at least, is preallocated and isn't able to
> to handle arbitrarily large file handles.  Future-proof the code by
> complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found.
> 
> Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/notify/fanotify/fanotify.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index cedcb1546804..45df610debbe 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group,
>  static int fanotify_encode_fh_len(struct inode *inode)
>  {
>  	int dwords = 0;
> +	int fh_len;
>  
>  	if (!inode)
>  		return 0;
>  
>  	exportfs_encode_inode_fh(inode, NULL, &dwords, NULL);
> +	fh_len = dwords << 2;
>  
> -	return dwords << 2;
> +	/*
> +	 * struct fanotify_error_event might be preallocated and is
> +	 * limited to MAX_HANDLE_SZ.  This should never happen, but
> +	 * safeguard by forcing an invalid file handle.
> +	 */
> +	if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ))
> +		return 0;
> +
> +	return fh_len;
>  }
>  
>  /*
> -- 
> 2.33.0
>
diff mbox series

Patch

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index cedcb1546804..45df610debbe 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -360,13 +360,23 @@  static u32 fanotify_group_event_mask(struct fsnotify_group *group,
 static int fanotify_encode_fh_len(struct inode *inode)
 {
 	int dwords = 0;
+	int fh_len;
 
 	if (!inode)
 		return 0;
 
 	exportfs_encode_inode_fh(inode, NULL, &dwords, NULL);
+	fh_len = dwords << 2;
 
-	return dwords << 2;
+	/*
+	 * struct fanotify_error_event might be preallocated and is
+	 * limited to MAX_HANDLE_SZ.  This should never happen, but
+	 * safeguard by forcing an invalid file handle.
+	 */
+	if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ))
+		return 0;
+
+	return fh_len;
 }
 
 /*